UbuntuUpdates.org

Package "xserver-xorg-legacy"

Name: xserver-xorg-legacy

Description:

setuid root Xorg server wrapper

Latest version: 2:21.1.4-2ubuntu1.7~22.04.12
Release: jammy (22.04)
Level: updates
Repository: main
Head package: xorg-server
Homepage: https://www.x.org/

Links


Download "xserver-xorg-legacy"


Other versions of "xserver-xorg-legacy" in Jammy

Repository Area Version
base main 2:21.1.3-2ubuntu2
security main 2:21.1.4-2ubuntu1.7~22.04.12

Changelog

Version: 2:21.1.4-2ubuntu1.7~22.04.12 2024-10-30 13:06:59 UTC

  xorg-server (2:21.1.4-2ubuntu1.7~22.04.12) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow in _XkbSetCompatMap
    - debian/patches/CVE-2024-9632.patch: properly update size in
      xkb/xkb.c.
    - CVE-2024-9632

 -- Marc Deslauriers <email address hidden> Fri, 11 Oct 2024 10:23:05 -0400

Source diff to previous version
CVE-2024-9632 A flaw was found in the X.org server. Due to improperly tracked alloca ...

Version: 2:21.1.4-2ubuntu1.7~22.04.11 2024-07-08 11:07:12 UTC

  xorg-server (2:21.1.4-2ubuntu1.7~22.04.11) jammy; urgency=medium

  * d/p/fix-suspend-resume-with-no-input-device.patch (LP: #2056331)
    - Make sure info->active and info->vt_active are false
      after dropping drm master.
    - Normally, this is done when pausing the first
      input device, so it breaks when there are no
      input device at all.

 -- Talha Can Havadar <email address hidden> Fri, 12 Apr 2024 16:23:18 +0200

Source diff to previous version
2056331 [SRU] fix suspend/resume when there are no input devices

Version: 2:21.1.4-2ubuntu1.7~22.04.10 2024-04-10 02:06:47 UTC

  xorg-server (2:21.1.4-2ubuntu1.7~22.04.10) jammy-security; urgency=medium

  * SECURITY REGRESSION: Avoid possible double-free
    - debian/patches/CVE-2024-31083-regression.patch:
      fix a regression caused for a double-free at the last
      changes fixed by CVE-2024-31083 (LP: #2060354)

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 09 Apr 2024 00:18:52 -0300

Source diff to previous version
CVE-2024-31083 User-after-free in ProcRenderAddGlyphs

Version: 2:21.1.4-2ubuntu1.7~22.04.9 2024-04-04 22:06:50 UTC

  xorg-server (2:21.1.4-2ubuntu1.7~22.04.9) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer over read
    - debian/patches/CVE-2024-31080.patch: fixes byte
      swapping in replies in Xi/xiselectev.c.
    - CVE-2024-31080
  * SECURITY UPDATE: Heap buffer over read
    - debian/patches/CVE-2024-31081.patch: fixes byte
      swapping in replies in Xi/xipassivegrab.c.
    - CVE-2024-31081
  * SECURITY UPDATE: Heap buffer over read
    - debian/patches/CVE-2024-31082.patch: makes
      ProcAppleDRICreatePixmap use unswapped length to
      send reply in hw/xquartz/xpr/appledir.c.
    - CVE-2024-31082
  * SECURITY UPDATE: User-after-free
    - debian/patches/CVE-2024-31083.patch: fix recounting of glyphs
      during ProcRenderAddGlyphs in render/glyph.c.
    - CVE-2024-31083

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Apr 2024 17:24:38 -0300

Source diff to previous version
CVE-2024-31080 A heap-based buffer over-read vulnerability was found in the X.org ser ...
CVE-2024-31081 A heap-based buffer over-read vulnerability was found in the X.org ser ...
CVE-2024-31082 A heap-based buffer over-read vulnerability was found in the X.org ser ...
CVE-2024-31083 User-after-free in ProcRenderAddGlyphs

Version: 2:21.1.4-2ubuntu1.7~22.04.8 2024-01-30 15:08:42 UTC

  xorg-server (2:21.1.4-2ubuntu1.7~22.04.8) jammy-security; urgency=medium

  * SECURITY REGRESSION: memory leak due to incomplete fix (LP: #2051536)
    - debian/patches/CVE-2024-21886-3.patch: fix use after free in input
      device shutdown in dix/devices.c.

 -- Marc Deslauriers <email address hidden> Mon, 29 Jan 2024 07:43:15 -0500

CVE-2024-21886 Heap buffer overflow in DisableDevice



About   -   Send Feedback to @ubuntu_updates